From: InfoSec News (isnc4i.org)
Date: Fri Oct 01 2004 - 05:12:40 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://www.gcn.com/vol1_no1/daily-updates/27489-1.html

By Wilson P. Dizard III
GCN Staff
09/30/04

Weaknesses in the Energy Department's cybersecurity allowed hackers to
successfully penetrate its systems 199 times last year in intrusions
that affected 3,531 systems, the department's inspector general said.

Energy continues to have difficulty finding, tracking and fixing
previously reported cybersecurity weaknesses quickly, the IG said in a
report, "The Department's Unclassified Cyber Security Program - 2004." [1]

The report praised the department for improving its cybersecurity
efforts, but pointed to continuing gaps in its virtual defenses, such
as:

* Incomplete certification and accreditation of major systems

* Missing contingency plans for restoring systems after an emergency

* Continuing problems with access control, segregation of
  responsibilities for financial processing and correction of known
  security vulnerabilities.

"Without continuing vigilance in this area, it is likely that future
attacks will continue to jeopardize the availability and integrity of
critical IT assets," the auditors said.

The IG urged the department to track corrective actions needed to fix
cybersecurity weaknesses, verify the effectiveness of the actions,
strengthen methods of assuring that department employees understand
the organization's IT policies, and ensure that all major systems are
certified and accredited.

The report said Energy management's proposed actions were "responsive
to our recommendations," without elaborating on or presenting the
actions. The IG report did not describe specific IT vulnerabilities.

[1] http://www.ig.doe.gov/pdf/ig-0662.pdf

_________________________________________
Donate online for the Ron Santo Walk to Cure Diabetes - http://www.c4i.org/ethan.html

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]